IACR paper details

In this work we consider the following primitive, that we call {\it restricted adaptive oblivious transfer}. On the one hand, the owner of a database wants to restrict the access of users to this data according to some policy, in such a way that a user can only obtain information satisfying the restrictions imposed by the owner. On the other hand, a legitimate user wants to privately retrieve allowed parts of the data, in a sequential and adaptive way, without letting the owner know which part of the data is being obtained.
After having formally described the components and required properties of a protocol for restricted adaptive oblivious transfer, we propose two schemes to realize this primitive. The first one is only of theoretical interest at the current time, because it uses a cryptographic tool which has not been realized yet: cryptosystems which are both multiplicatively and additively homomorphic. The second scheme, fully implementable, is based on secret sharing schemes.